Thanks for the reply.

My idea is to have traffic between vxlan encrypted:

host1/vxlan1
      |  x  |
      |  x  |
 ipsec tunnel
      |  x  |
      |  x  |
host2/vxlan1


Do I still need to connect to tunnels?

I'm trying to configure it now..

On 01/23/2018 06:35 PM, Sowmini Varadhan wrote:
> On (01/23/18 12:30), Paul Wouters wrote:
>> Why two? Are both peers using an ephemeral source port? If it is port
>> 4789 to port 4789, wouldn't one tunnel be enough?
> I'm assuming that the local host both sends (to other node's
> udp port 4789) and receives (on udp port 4789 from other peers)
> vxlan packets, and that we want ipsec for both directions.
>
> Depends on what Antonio is trying to achieve, I suppose.
>
> --Sowmini



--
Saludos / Regards / Cumprimentos
António Silva

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
